CVE-2008-6511

Openfire < 3.6.0a - Open Redirect via login.jsp url Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6511. PoCs published by Andreas Kurtz.

AI-analyzed exploit summary This advisory details multiple vulnerabilities in Openfire Server <= 3.6.0a, including authentication bypass, SQL injection, and XSS. It provides technical descriptions and proof-of-concept examples for each vulnerability.

Description

Open redirect vulnerability in login.jsp in Openfire 3.6.0a and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Andreas Kurtz · textwebappsjsp
https://www.exploit-db.com/exploits/7075

This advisory details multiple vulnerabilities in Openfire Server <= 3.6.0a, including authentication bypass, SQL injection, and XSS. It provides technical descriptions and proof-of-concept examples for each vulnerability.

Classification
Writeup 100%
Attack Type
Auth Bypass | Sqli | Xss
Complexity
Moderate
Reliability
Reliable
Target: Openfire Server <= 3.6.0a
No auth needed
Prerequisites: Access to the Openfire admin interface · SIP plugin installation for SQLi exploitation
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7075
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/498162/100/0/threaded

Scores

EPSS 0.0183
EPSS Percentile 76.1%

Details

CWE
CWE-20
Status published
Products (25)
igniterealtime/openfire 2.6.0
igniterealtime/openfire 2.6.1
igniterealtime/openfire 2.6.2
igniterealtime/openfire 3.0.0
igniterealtime/openfire 3.0.1
igniterealtime/openfire 3.1.0
igniterealtime/openfire 3.1.1
igniterealtime/openfire 3.2.0
igniterealtime/openfire 3.2.1
igniterealtime/openfire 3.2.2
... and 15 more
Published Mar 23, 2009
Tracked Since Feb 18, 2026